Immigration and Customs Enforcement stirs privacy concerns with RFP

The Homeland Security Department’s Immigration and Customs Enforcement directorate is trying to give its law enforcement officers another tool to apprehend the bad guys.

And it’s making a lot of people nervous.

ICE issued a solicitation on fedbizopps.gov Feb. 12 asking for commercial technology for its law enforcement officers to hook into the National License Plate Recognition Database (NLPR).

“The database should track vehicle license plate numbers that pass through cameras or are voluntarily entered into the system from a variety of sources (access control systems, asset recovery specialists, etc.) and uploaded to share with law enforcement,” the request for proposals stated. “NLPR information will be used by DHS/ICE to assist in the location and arrest of absconders and criminal aliens. Officers should be able to query the NLPR database with license plate numbers based on investigative leads to determine where and when the vehicle has traveled. This information will assist in locating criminal aliens and absconders, and will enhance officer safety by enabling arrests to occur away from a subject’s residence. The use of NLPR will reduce the man hours required to conduct surveillance.”

The contract is for one year with four one-year options. ICE didn’t say how much it’s worth.

Advertisement

ICE detailed 23 requirements in the RFP, including an Android/iPhone application for smartphones to let officers query the NLPR data service for any ‘”Target Vehicle”‘ by entering the license plate number, state of registration and reason code, and the ability to share information amongst the user group based on specific “Hot-List” “Target Vehicle” records.

The solicitation elicited several online responses by citizens and journalists worried about the potential privacy and civil liberties issues.

In July, the American Civil Liberties Union issued a report detailing the widespread use and potential and real problems caused by license plate readers.

“Tens of thousands of license plate readers are now deployed throughout the United States. Unfortunately, license plate readers are typically programmed to retain the location information and photograph of every vehicle that crosses their path, not simply those that generate a hit,” the report stated. “The photographs and all other associated information are then retained in a database, and can be shared with others, such as law enforcement agencies, fusion centers, and private companies. Together these databases contain hundreds of millions of data points revealing the travel histories of millions of motorists who have committed no crime.”

The ACLU said DHS and the Justice Department have provided millions in grants to state and local governments to implement license plate readers.

The ACLU found that ICE, Customs and Border Protection and Drug Enforcement Administration all use or have considered this technology over the last few years.

“In addition to funding state and local purchases of license plate readers, some federal agencies maintain their own networks of license plate readers across the United States and engage in data-sharing on a national level,” the report stated. “Unfortunately, too little is known about how the federal government uses license plate data.”

ICE spokeswoman Gillian Christensen tried to alleviate some of the fears.

“In support of its public safety focus, ICE, consistent with other law enforcement agency practice, is exploring the ability to obtain access to a National License Plate Recognition database, allowing officers and agents to identify subjects of ongoing criminal investigations,” she said by email. “The database could only be accessed in conjunction with ongoing criminal investigations.”

ICE says its agents would use the database to go after suspects who could pose a threat to public safety as part of its desire to reduce the number of man hours needed to conduct surveillance.

The database would be run by a commercial company, which would collect and store the data.

Reponses to the RFP are due March 14.

One outstanding question about the program is whether the NPLR service would require DHS to conduct a privacy impact assessment.

It’s unclear whether it meets the privacy threshold because a commercial company will hold and control the data.

DHS’ Privacy Office states on its website that a PIA is required “when developing or procuring any new department program or system that will handle or collect personally identifiable information.”

When the agency previously collected license plate data, DHS developed a PIA. For example, ICE wrote a PIA in 2011 for its Security Management Closed-Circuit Television System (SM-CCTV System), which is a video-only recording system installed to monitor the interior and exterior of ICE facilities and collect images of people, license plate and any other visual information within range of its cameras.

But this was an internal system that ICE operated, and it retained the data.

CBP also developed a PIA for its Non-Intrusive Inspection Systems Program, which inspects and screens conveyances of cars, trucks, rail cars, sea containers, as well as personal luggage, packages, parcels and flat mail through either X-ray or gamma ray imaging systems, and collects PII, including license plate numbers.